M5-400 Login attempt for nonexistent user from | Ubiquiti форум UBNT: инструкции, настройка

M5-400 Login attempt for nonexistent user from

Dmitriyq

новичок
28 Фев 2016
17
0
3
40
Доброго дня. Две точки М5-400 расстояние 5.5 км. Станция стала перезагружаться периодически
Идет бесконечный лог:
7 00:06:43 dropbear[1730]: Child connection from 5.188.10.180:19778
Jan 7 00:06:47 dropbear[1730]: Login attempt for nonexistent user from 5.188.10.180:19778
Jan 7 00:06:47 dropbear[1730]: Exit before auth: Exited normally
Jan 7 00:06:47 dropbear[1731]: Child connection from 5.188.10.180:43472
Jan 7 00:06:51 dropbear[1731]: Login attempt for nonexistent user from 5.188.10.180:43472

Как от него избавиться?
Firmware Version: XW.v6.0.4
Заранее спасибо.
 
D

Dignato

Guest
Попробуйте для начала обновить прошивку, и поменять номер порта SSH.
 
Автор
D

Dmitriyq

новичок
28 Фев 2016
17
0
3
40
Доброго дня. Порт поменял, все прекратилось.
Но появились след строки...
Feb 19 17:26:46 httpd[6638]: Login attempt for nonexistent user from 95.143.221.121
Feb 19 17:26:46 httpd[6639]: Login attempt for nonexistent user from 95.143.221.121
Feb 19 17:33:00 httpd[6742]: Bad password attempt for 'ubnt' from 95.143.221.121
Feb 19 17:33:01 httpd[6743]: Bad password attempt for 'ubnt' from 95.143.221.121
Feb 19 17:33:01 httpd[6744]: Bad password attempt for 'ubnt' from 95.143.221.121
Feb 19 17:33:02 init: process '/bin/lighttpd -D -f /etc/lighttpd.conf' (pid 5877) exited. Scheduling for restart.
Feb 19 17:33:02 init: Run: /bin/lighttpd -D -f /etc/lighttpd.conf
Feb 19 17:33:02 init: starting pid 6745, tty '/dev/null': '/bin/lighttpd -D -f /etc/lighttpd.conf'
Feb 19 17:33:11 httpd[6746]: Bad password attempt for 'ubnt' from 95.143.221.121
Feb 19 17:33:20 httpd[6747]: Login attempt for nonexistent user from 95.143.221.121
Feb 19 17:33:21 httpd[6748]: Login attempt for nonexistent user from 95.143.221.121
Feb 19 17:33:21 httpd[6749]: Login attempt for nonexistent user from 95.143.221.121
Feb 19 18:00:23 hostapd: ath0: STA 44:d9:e7:0e:52:03 WPA: group key handshake completed (RSN)
Feb 19 19:00:23 hostapd: ath0: STA 44:d9:e7:0e:52:03 WPA: group key handshake completed (RSN)
Feb 19 20:00:23 hostapd: ath0: STA 44:d9:e7:0e:52:03 WPA: group key handshake completed (RSN)
Feb 19 21:00:23 hostapd: ath0: STA 44:d9:e7:0e:52:03 WPA: group key handshake completed (RSN)
Feb 19 22:00:23 hostapd: ath0: STA 44:d9:e7:0e:52:03 WPA: group key handshake completed (RSN)
Feb 19 23:00:23 hostapd: ath0: STA 44:d9:e7:0e:52:03 WPA: group key handshake completed (RSN)
Feb 20 00:00:23 hostapd: ath0: STA 44:d9:e7:0e:52:03 WPA: group key handshake completed (RSN)
Feb 20 01:00:23 hostapd: ath0: STA 44:d9:e7:0e:52:03 WPA: group key handshake completed (RSN)
Feb 20 02:00:23 hostapd: ath0: STA 44:d9:e7:0e:52:03 WPA: group key handshake completed (RSN)
Feb 20 03:00:23 hostapd: ath0: STA 44:d9:e7:0e:52:03 WPA: group key handshake completed (RSN)
Feb 20 04:00:23 hostapd: ath0: STA 44:d9:e7:0e:52:03 WPA: group key handshake completed (RSN)
Feb 20 05:00:23 hostapd: ath0: STA 44:d9:e7:0e:52:03 WPA: group key handshake completed (RSN)
Feb 20 05:01:11 httpd[6823]: Bad password attempt for 'ubnt' from 46.249.11.182
Feb 20 05:01:11 httpd[6824]: Bad password attempt for 'ubnt' from 46.249.11.182
Feb 20 05:01:11 httpd[6825]: Bad password attempt for 'ubnt' from 46.249.11.182
Feb 20 05:01:12 httpd[6826]: Bad password attempt for 'ubnt' from 46.249.11.182
Feb 20 05:01:12 httpd[6827]: Login attempt for nonexistent user from 46.249.11.182
Feb 20 05:01:13 httpd[6828]: Login attempt for nonexistent user from 46.249.11.182
Feb 20 05:01:13 httpd[6829]: Login attempt for nonexistent user from 46.249.11.182
Feb 20 05:20:50 httpd[6836]: Bad password attempt for 'ubnt' from 46.249.11.182

Я не очень понимаю, но по-моему идет перебор паролей... по http...
Как защитить себя от этого?
 

Fenek

участник
2 Янв 2018
115
13
20
Самое простое -- поменять стандартные порты и на http/https.
Ну или поставить дропы в фаерволе на все ненадежные адреса.